The Internet growth, information sharing, and technology improvement are some of the factors that human society has become dependent on. The massive amount of data available on the Internet has created a new type of cyber crime that targets confidential, personal, and mission critical data. Internet fraud is amplified by the variety of tools that are available on-line for malicious purposes. While in the past a hacker needed to have a considerable amount of knowledge to perform a simple intrusion, today, an attack can be carried out at a click of a button.
To counteract attacker's activities, various companies and researchers around the world design and employ Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that are used to detect and isolate an attack from the rest of the network. One of the challenges in this context is configuring attack detection and containment tools to allow proper intrusion detection and response without sacrificing the normal functionality of the rest of the network. Such configuration requires a careful assessment of system characteristics and potential risk factors, which is typically performed by a system analyst. However, with the rapid increase in the size and complexity of systems in recent years the manual approach is no longer feasible.
While some research has been done into the role of modeling and simulation to computer security, there remains a lack of sound and comprehensive tools for security modeling and simulation.